Controllerless Networks

Hi,

 

We have a small group of iAP using WPA Enterprise against a windows NPS server. Everything works correctly authenticating with username and password of the domain.

 

Now we also want to add MAC authentication.

If I add the users MAC addresses in local and activate MAC auth before 802.1x and auth server2: InternalServer, stops working.

Is this the correct way to have both authentications active? Or is it possible to add MAC authentication in the NPS itself?

 

Some posts indicate that this is not possible and that you must use ClearPass

I appreciate your ideas. Thanks in advance

MAC Auth could work with NPS, and I have done it in the past. Have you tried setting something up like the guide here: https://jedsat.wordpress.com/2015/04/29/creating-an-nps-policy-for-mac-based-authentication/

 

 

In reality you wouldn’t be doing mac authentication but instead mac authorization :
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197535(v=ws.10)?redirectedfrom=MSDN

You will probably need two policies : 1x for 802.1X and 1x for PAP (unauthorized)

Sent from Mail for Windows 10

Hi Dustin, thanks for you response.

 

Do you think that in this scenario, it's possible to have 802.1X and also add MAC auth against the NPS?

 

or at least have 802.1X against NPS and also MAC auth against Local Server (auth server # 2)?

 

Maybe this auth server # 2 (which allows to include Local server and MAC users) is actually exclusive. Or 802.1x xor MAC auth authentication?

 

Regards